This is fundamentally a legal problem: namely, that our virtual and physical privacy are treated very differently. Our online data is often held by third parties who need not respect our wishes about how our private data is handled and cannot necessarily be trusted to act in our best interest. And this problem isn't limited to last.fm; it spans multiple classes of private data, from webmail to credit card transactions.
Hat tip to http://www.schneier.com/crypto-gram-0905.html#3